Download sample application - ADFDeclarativePermissions.zip. This sample implements one ADF library application, it brings Employees ADF Task Flow region:
Main application consumes ADF Task Flow region from ADF library and defines mapping between Enterprise and Application roles (Financials and accountants):
Let's assume, at this moment we don't have any permissions defined for ADF Task Flow imported from ADF library:
Deployment will be done without granted permission for this ADF Task Flow, we will specify it later from Oracle Enterprise Manager 11g.
There is permission for main page defined - every authenticated user can open main page:
Application was deployed on standalone WebLogic server, scott/welcome1 user authenticates to access main application page:
Main page loads successfully, however region is not rendered - as expected:
This happens, because there is no permission defined for ADF Task Flow imported from ADF library, as you saw few steps above.
We could go back to JDeveloper, assign permission there and redeploy our application. However, in production environment its hardly acceptable by the management, usually we want to do a fix without redeployment to minimize application down time.
We can go to Application Policies section accessible through Oracle Enterprise Manager 11g instead:
Review current permissions (only one available for authenticated users to view main page):
We can create new permission - define permission class and grantee (application role - accountants):
First you need to define TaskFlowPermission class, it should point to the address of ADF Task Flow we are defining permission for. Specify permission action as well (view):
Add application role in grantee section. This means defined permission will be available for all the users granted with this application role (accountants):
Complete new permission screen:
Now we have two permissions available:
Without redeployment, ADF evaluates new permission for user granted accountants application role, and renders ADF region successfully: